US9094382B2 - Electronic key registration system - Google Patents

Abstract

An immobilizer ECU transmits a vehicle ID code and a SEED code, which is read from an electronic key, to a data center online. The data center generates an encryption key from the received SEED code and a first logic, and generates a further SEED code from the encryption key, the vehicle ID code, and a second logic. The immobilizer ECU obtains the further SEED code online from the data center, generates the encryption key from the obtained further SEED code, the vehicle ID code, and the second logic, and stores the encryption key.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is based upon and claims the benefit of priority from prior Japanese Patent Application No. 2012-129306, filed on Jun. 6, 2012, the entire contents of which are incorporated herein by reference.

BACKGROUND ART

The present invention relates to a registration system that registers an electronic key to a controller of a communication subject.

A known electronic key system performs wireless communication between a vehicle and an electronic key, which is held by a user of the vehicle to lock and unlock doors or start and stop the engine when the electronic key is verified. In such an electronic key system, the communication between the electronic key and the vehicle is encrypted and thereby protected to maintain a certain level of security (for example, refer to Japanese Laid-Open Patent Publication No. 2009-302848).

Encrypted communication may be performed by employing symmetric-key cryptosystem that uses the same encryption key for encryption and decryption. A shared key, that is, the same encryption key, is registered to an electronic key and a vehicle that perform encrypted communication in compliance with the symmetric-key cryptosystem. The registration of the encryption key to the electronic key and the vehicle is performed when registering the electronic key to a controller of the vehicle. The controller verifies the electronic key by comparing identification information received from the electronic key with identification information stored in its memory.

In an electronic key registration system that registers an electronic key to a controller, to avoid registration of an electronic key other than that of the user, the inventors of the present invention have considered storing in advance a vehicle ID code (identification information unique to a communication subject) of a vehicle (communication subject) to the controller and the electronic key, and then shipping the controller and the electronic key together out of a factory. In this example, however, the shipping becomes complicated, and an additional electronic key cannot be registered at a later date. The inventors of the present invention have also considered shipping out the controller, which stores a vehicle ID, and the electronic key separately from a factory. However, in this case, someone may tamper with the vehicle ID code. Such a problem is not limited to an electronic key system used in a vehicle and may also occur in an electronic key system used in a building such as a house.

SUMMARY

It is an object of the present invention to provide an electronic key registration system that facilitates registration of an electronic key to a controller while maintaining a certain security level.

To achieve the above object, one aspect of the present invention is an electronic key registration system that registers an electronic key to a communication subject. The electronic key registration system includes a controller arranged in the communication subject and capable of accessing a data center through at least a network. An initial electronic key, a first additional electronic key, and a second additional electronic key, each hold a unique key ID code and a unique encryption key. Each encryption key is used for encrypted communication between the corresponding electronic key and the communication subject to perform verification. A computer-readable medium has instructions stored thereon that include first to fifth set of instructions. The first set of instructions is configured to store a communication subject ID code in the controller when manufacturing the controller. The second set of instructions is configured to generate, with the first additional electronic key, the encryption key of the first additional electronic key by performing a computation using a first encryption key generation code stored in the first additional electronic key and a first logic; store the generated encryption key in the first additional electronic key; and manufacture the first additional electronic key. The third set of instructions is configured to transmit, with the controller to the data center online, the communication subject ID code and the first encryption key generation code that is stored in the first additional electronic key; generate, with the data center, the electronic key encryption key of the first additional electronic key by performing a computation using the received first encryption key generation code and the first logic; generate, with the data center, a second encryption key generation code by performing a computation using the generated electronic key encryption key, the communication subject ID code, and the second logic; obtain, with the controller online, the second encryption key generation code from the data center; generate, with the controller, the encryption key of the first additional electronic key by performing a computation using the communication subject ID code, the obtained second encryption key generation code, and the second logic; and store, in the controller, the generated electronic key encryption key to register the first additional electronic key. The fourth set of instructions is configured to store, in the second additional electronic key, the communication subject ID code corresponding to information indicated on an order sheet, a third encryption key generation code used to generate the encryption key of the second additional electronic key, the encryption key of the second additional electronic key generated by performing a computation using the communication subject ID code, the third encryption key generation code, and a second logic; and manufacture the second additional electronic key. The fifth set of instructions are configured to read, with the controller, the third encryption key generation code from the second additional electronic key; generate, with the controller that is disconnected from the data center, the encryption key of the second additional electronic key by performing a computation using the third encryption key generation code, the communication ID code stored in the controller, and the second logic; and store, in the controller that is disconnected from the data center, the encryption key of the second additional electronic key.

Other aspects and advantages of the present invention will become apparent from the following description, taken in conjunction with the accompanying drawings, illustrating by way of example the principles of the invention.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention, together with objects and advantages thereof, may best be understood by reference to the following description of the presently preferred embodiments together with the accompanying drawings in which:

FIG. 1 is a block diagram of an electronic key registration system;

FIG. 2 is a schematic diagram illustrating manufacturing steps of an initial electronic key;

FIG. 3 is a schematic diagram illustrating initial registration steps;

FIGS. 4A and 4B illustrate a sequence chart of the initial registration steps;

FIG. 5 is a schematic diagram illustrating manufacturing steps of an additional electronic key;

FIG. 6 is a schematic diagram illustrating registration steps of the additional electronic key;

FIGS. 7A and 7B illustrate a sequence chart of the registration steps of the additional electronic key;

FIG. 8 is a schematic diagram illustrating manufacturing steps of an additional electronic key;

FIG. 9 is a schematic diagram illustrating manufacturing steps of an additional electronic key; and

FIG. 10 is a sequence chart of the registration steps of the additional electronic key.

DETAILED DESCRIPTION OF EMBODIMENT

An electronic key registration system according to a first embodiment of the present invention will now be described with reference toFIGS. 1 to 16.

Referring toFIG. 1, avehicle1 includes an immobilizer that performs, for example, near field communication with anelectronic key2 to execute ID verification. In the description hereafter, near field communication refers to wireless communication performed within a communication distance of several centimeters. Theelectronic key2 includes atransponder4, which may be an ID tag. Thetransponder4 is activated by drive radio waves transmitted from acoil antenna5 of thevehicle1, and transmits a key ID signal. Theimmobilizer system3 includes an immobilizer ECU6. The immobilizer ECU6 performs ID verification based on the key ID signal sent from thetransponder4. Thevehicle1 is one example of a communication subject. Theimmobilizer system3 is one example of an electronic key system. The immobilizer ECU6 is one example of a controller.

An in-vehicle LAN13 connects the immobilizer ECU6 to anengine ECU12, which controls anengine11. The immobilizer ECU6 includes amemory69. An ID code of theelectronic key2 is registered to thememory69. The ID code of theelectronic key2 is associated with thevehicle1. The immobilizer ECU6 is connected to thecoil antenna5 that is capable of transmitting and receiving radio waves on, for example, the low frequency (LF) band and a high frequency (HF) band. In the preferred example, thecoil antenna5 is a magnetic field antenna and arranged in a key cylinder.

Thetransponder4 includes acontrol unit41 that controls the communication operation of thetransponder4. Thecontrol unit41 includes amemory42. A key ID code KID unique to theelectronic key2 is registered to thememory42. The key ID code KID may be a transponder code. Thetransponder4 includes a transmission-reception antenna21 that is capable of transmitting and receiving radio waves on LH band radio waves and HF band radio waves. Theantenna21 may have the same structure as acoil antenna5.

When detecting the insertion of theelectronic key2 into the key cylinder, theimmobilizer ECU6 intermittently transmits drive radio waves from thecoil antenna5. For example, if a user enters thevehicle1 and inserts theelectronic key2 into the key cylinder to start theengine11, when the key cylinder is operated, thetransponder4 receives the drive radio waves transmitted from thecoil antenna5 with the transmission-reception antenna21. The drive radio waves function as a power supply that activates thetransponder4. The activatedtransponder4 transmits a key ID signal, which includes the key ID code, from the transmission-reception antenna21. When thecoil antenna5 receives the key ID signal from thetransponder4, theimmobilizer ECU6 performs ID verification (immobilizer verification) on the key ID code in the received key ID signal. When ID verification is accomplished, theimmobilizer ECU6 stores an ID verification accomplishment flag in thememory69.

An ignition switch (IGSW)14 is arranged in the key cylinder to detect the rotational position of theelectronic key2. For example, when theignition switch14 detects that theelectronic key2 has been arranged at an engine start position, theengine ECU12 receives an ID verification result from theimmobilizer ECU6. When verification has been accomplished, theengine ECU12 starts ignition control and fuel injection control for theengine11 and starts theengine11.

In addition to verifying the key ID code of theelectronic key2, theimmobilizer ECU6 performs challenge-response verification. The challenge-response verification will now be described. First, thevehicle1 transmits a challenge code, which is, for example, a random number code, from thevehicle1 to theelectronic key2. Theelectronic key2 computes a response code and sends back the response code to thevehicle1. Theimmobilizer ECU6 of thevehicle1 also computes a response code and determines whether or not the computed response code conforms to the response code received from theelectronic key2. When the response codes are in conformance, theelectronic key2 is verified. In the illustrated example, symmetric-key cryptosystem that uses the same encryption key is employed for the verifications performed by theimmobilizer ECU6 and thetransponder4. Theelectronic key2 and theimmobilizer ECU6 store the same encryption key. Each of theelectronic key2 and theimmobilizer ECU6 performs a computation using the stored encryption key to generate a challenge code from the response code.

Thememory42 of thetransponder4 stores the key ID code KID of theelectronic key2, a SEED code SC used to generate an electronic key encryption key K, and the electronic key encryption key K used for verification. The SEED code SC differs between each electronic key. The SEED code SC is also referred to as an encryption key generation code.

In the description hereafter, the term online refers to a situation in which theimmobilizer ECU6 can communicate with adata center10 through at least anetwork20. The term offline refers to a situation in which theimmobilizer ECU6 cannot communicate with thedata center10 through at least thenetwork20.

The term initial registration refers to the first registration of theelectronic key2 to the vehicle1 (e.g., immobilizer ECU6). The term additional registration refers to the registration of a further electronic key performed when at least one electronic key has already been registered to the vehicle1 (e.g., after vehicle has been shipped out from a vehicle manufacturer). The term online additional registration refers to the additional registration of an electronic key performed online. The term offline additional registration refers to the additional registration of an electronic key performed offline. Theelectronic key2 that undergoes initial registration may be referred to as initialelectronic key2a. Theelectronic key2 that undergoes online additional registration may be referred to as an online additionalelectronic key2bor a first additional electronic key. Theelectronic key2 that undergoes offline additional registration may be referred to as an offline additionalelectronic key2cor a second additional electronic key.

An initial registration flag indicating that initial registration of theelectronic key2 is permitted is set in thememory69 of theimmobilizer ECU6. An additional registration flag indicating that additional registration of theelectronic key2 is permitted is also set in thememory69. Further, thememory69 stores a vehicle ID code VID that is unique identification information, an electronic key encryption key K used for verification, and a key generation logic used to generate the electronic key encryption key K. The vehicle ID code VID may be referred to as a communication subject ID code.

Theimmobilizer system3 includes an electronickey registration system7 that registers theelectronic key2 to theimmobilizer ECU6. The electronickey registration system7 registers theelectronic key2 to theimmobilizer ECU6. The electronickey registration system7 stores the key ID code KID, which is stored in theelectronic key2, in an electronickey database9bof thedata center10. The electronickey database9bholds the key ID code KID for eachelectronic key2. The electronickey registration system7 stores the vehicle ID code VID, which is stored in theimmobilizer ECU6, and the key ID code KID in anECU database9aof thedata center10.

Theelectronic key2 is registered to theimmobilizer ECU6 by storing, in theimmobilizer ECU6, the key ID code KID and the electronic key encryption key K that are the same as those stored in theelectronic key2. In this registration, the electronic key encryption key K stored in theelectronic key2 is not transmitted from theelectronic key2 to theimmobilizer ECU6. Instead, theimmobilizer ECU6 obtains the SEED code SC from theelectronic key2, generates the electronic key encryption key K from the SEED code SC, and stores the electronic key encryption key K in theimmobilizer ECU6. Theimmobilizer ECU6 obtains and stores the key ID code KID of theelectronic key2 from theelectronic key2.

When the electronickey registration system7 additionally registers anelectronic key2, theimmobilizer ECU6 and aregistration tool8 perform an additional electronic key registration step that differs depending on whether the registration is performed offline or online. Further, the contents stored in thememory42 of theelectronic key2 in an additional electronic key manufacturing step performed before the additional electronic key registration step differs depending on whether the additional registration is performed online or offline.

For example, thememory42 of the offline additionalelectronic key2cstores the key ID code KID, the SEED code SC, and the electronic key encryption key K other than the vehicle ID code VID in the additional electronic key manufacturing step (refer toFIG. 5). Theimmobilizer ECU6 reads the key ID code KID and the SEED code SC from the online additionalelectronic key2band transmits the vehicle ID code VID and the SEED code SC, which are stored in theimmobilizer ECU6, to thedata center10. Thedata center10 generates the SEED code SC. Theimmobilizer ECU6 generates and stores in theimmobilizer ECU6 an electronic key encryption key K-2 for the online additionalelectronic key2bfrom the SEED code SC generated in the data center.

Thememory42 of the offline additionalelectronic key2cstores the vehicle ID code VID, the key ID code KID, the SEED code SC, and the electronic key encryption key K, which are used for verification, in the additional electronic key manufacturing step (refer toFIG. 8). Theimmobilizer ECU6 checks the vehicle ID code VID of the offline additionalelectronic key2c, reads the key ID code KID and the SEED code SC from the offline additionalelectronic key2c, and generates the electronic key encryption key K of the offline additionalelectronic key2cfrom the vehicle ID code VID and the SEED code SC.

In the electronickey registration system7, theregistration tool8 is connected to the vehicle, and theregistration tool8 switches an operation mode of theimmobilizer ECU6 to a registration mode to allow for registration of theelectronic key2 to theimmobilizer ECU6. Theregistration tool8 includes acontrol unit81, which controls theregistration tool8, anoperation unit82, which detects a registration operation carried out by a person performing registration, and adisplay unit83, which displays the registration operation. When theregistration tool8 is set to an initial registration mode for registering a newelectronic key2 by, for example, a person performing the registration, theregistration tool8 provides thevehicle1 with an initial registration signal that changes the operation mode of theimmobilizer ECU6 to the initial registration mode. Further, in response to the operation of the person performing the registration, theregistration tool8 provides thevehicle1 with an additional registration signal for changing theimmobilizer ECU6 to an additional registration mode.

Theimmobilizer ECU6 includes amode switching unit60 that switches operation modes. When provided with an initial registration signal from theregistration tool8, themode switching unit60 switches the operation mode to an initial registration mode. When provided with an additional registration signal from theregistration tool8, themode switching unit60 switches the operation mode to an additional registration mode.

Theimmobilizer ECU6 includes a vehicle ID verification unit62. The vehicle ID verification unit62 transmits a vehicle ID request signal from thecoil antenna5 to theelectronic key2. Then, the vehicle ID verification unit62 checks whether or not the vehicle ID code KID in the vehicle ID transmitted from theelectronic key2 conforms to the vehicle ID code VID registered to thememory69 of theimmobilizer ECU6.

Theimmobilizer ECU6 includes a keyID writing unit63. The keyID writing unit63 functions in an initial registration mode to write the key ID code KID read from theelectronic key2 to thememory69.

Theimmobilizer ECU6 includes aSEED reading unit64 that reads a SEED code SC to generate an electronic key encryption key K stored in theelectronic key2. When functioning in an online or offline registration mode, theSEED reading unit64 transmits a first SEED request signal, which requests for the SEED code, from thecoil antenna5 and obtains the SEED code from a SEED signal transmitted from theelectronic key2. When functioning in an online additional registration mode, theSEED reading unit64 transmits the SEED request signal online and obtains the SEED code from thedata center10. When functioning in the initial registration mode, after obtaining the SEED code SC, theSEED reading unit64 transmits a SEED deletion signal to delete the SEED code SC from theelectronic key2.

Theimmobilizer ECU6 includes a SEEDgeneration request unit65 that instructs thedata center10 to generate a SEED code SC from the electronic key encryption key K. When functioning in the additional registration mode, if the SEED code is not stored in thedatabase9, the SEEDgeneration request unit65 transmits a SEED generation signal to the data center. In response to the SEED generation request signal, thedata center10 generates a SEED code SC.

Theimmobilizer ECU6 includes an encryptionkey generation unit66 that generates an electronic key encryption key K. The encryptionkey generation unit66 functions in the initial registration mode and generates the electronic key encryption key K by performing a computation with the SEED code SC, which is obtained by theSEED reading unit64, and the key generation logic f. The encryptionkey generation unit66 also functions in an offline additional registration mode and generates the electronic key encryption key K by performing a computation with the SEED code SC and the vehicle ID code VID, which are obtained by theSEED reading unit64 from the offline additionalelectronic key2c, and a key generation logic g. Further, the encryptionkey generation unit66 functions in an online additional registration mode and generates the electronic key encryption key K by performing a computation with the SEED code SC and the vehicle ID code VID, which are obtained by theSEED reading unit64 from thedata center10, and the key generation logic g. The key generation logic f functions as a third logic, and the key generation logic g functions as a second generation logic.

Theimmobilizer ECU6 includes an encryptionkey registration unit67 that registers the generated electronic key encryption key K and changes a flag. The encryptionkey registration unit67 functions in the initial registration mode and, stores, in thememory69, the electronic key encryption key K generated by the encryptionkey generation unit66 to register the electronic key encryption key K to theimmobilizer ECU6. In the initial registration mode, when an initial registration prohibition operation is detected after the electronic key encryption key K is stored, the encryptionkey registration unit67 prohibits initial registration. One example of an initial registration restriction operation is an operation repeating on/off of theignition switch14 for twenty times. In the additional registration mode, the encryptionkey registration unit67 stores the electronic key encryption key K and prohibits subsequent additional registrations.

Theimmobilizer ECU6 includes adatabase updating unit68 that stores the key ID code, which is registered to theimmobilizer ECU6, to thedatabase9. When obtaining the key ID code KID, thedatabase updating unit68 transmits a data update signal to thedatabase9 and updates thedatabase9. The database update signal includes the vehicle ID code VID and the key ID code KID stored in thememory69 of theimmobilizer ECU6.

With reference toFIGS. 2 to 10, registration of theelectronic key2 to theimmobilizer ECU6 with the electronickey registration system7 will now be described with reference toFIGS. 2 to 10.

Referring toFIG. 2, in an initial manufacturing step, a vehicle ID code VID-A is stored in thememory69 of the initially manufacturedimmobilizer ECU6. In thememory69, the initial registration flag indicates that initial registration is permitted, and the additional registration flag indicates that additional registration is permitted. In the initial manufacturing step, thememory42 of the initialelectronic key2astores a key ID code KID-1, a SEED code SC-1f, and an electronic key encryption key K-1, which is generated by performing a computation using the SEED code SC-1f and the key generation logic f. The initial manufacturing step includes an initial electronic key manufacturing step.

The registration of the initialelectronic key2ain a factory will now be described with reference toFIGS. 3,4A and4B. In the initial registration step, theregistration tool8 is connected to thevehicle1 to perform a registration operation. Theimmobilizer ECU6 is installed in thevehicle1, and the initialelectronic key2ais registered to theimmobilizer ECU6 installed in thevehicle1.

Referring toFIG. 3, in the initial registration step, theimmobilizer ECU6 writes the vehicle ID code VID-A to theelectronic key2. Further, theimmobilizer ECU6 reads the key ID code KID-1 from theelectronic key2 and performs a computation with the SEED code SC-1f from theelectronic key2 and the key generation logic f obtained from theelectronic key2 to generate the electronic key encryption key K-1. Then, theimmobilizer ECU6 stores the electronic key encryption key K-1 in thememory69. Theelectronic key2 deletes the SEED code SC-1f from thememory42. TheECU database9aof thedata center10 stores the key ID code KID-1 of the initialelectronic key2a.

In detail, referring toFIGS. 4A and 4B, when the person performing registration operates theoperation unit82 to set initial registration, theregistration tool8 provides theimmobilizer ECU6 with an initial registration signal, which serves as an initial registration instruction (step S1). When receiving the initial registration signal, themode switching unit60 switches theimmobilizer ECU6 to an initial registration mode that registers theelectronic key2 to theimmobilizer ECU6 for the first time (step S2).

Then, theimmobilizer ECU6 transmits a vehicle ID signal (step S3). For example, a vehicleID writing unit61 transmits a vehicle ID signal including the vehicle ID code VID-A to theelectronic key2 from thecoil antenna5.

When theelectronic key2 receives the vehicle ID signal, theelectronic key2 writes the vehicle ID code VID, which is included in the vehicle ID signal (step S4). For example, thetransponder4 stores the vehicle ID code VID-A in thememory42.

Then, the keyID writing unit63 of theimmobilizer ECU6 transmits a key ID request signal, which requests for the key ID code KID-1, to theelectronic key2 from the coil antenna5 (step S5).

When theelectronic key2 receives the key ID request signal, thetransponder4 transmits a key ID signal, which includes the key ID code KID-1 stored in thememory42, to theimmobilizer ECU6 from the transmission-reception antenna21 (step S6).

When theimmobilizer ECU6 receives the key ID signal, the keyID writing unit63 writes the key ID code KID-1, which is included in the key ID signal, to the memory69 (step S7).

After theimmobilizer ECU6 writes the key ID code KID, in step S8, the SEED reading unit transmits a first SEED request signal that requests for the SEED code SC-1f from thecoil antenna5.

When theelectronic key2 receives the first SEED request signal, in step S9, thetransponder4 transmits a SEED signal including the SEED code SC-1f that is stored in thememory42 from the transmission-reception antenna21.

In step S10, theSEED reading unit64 of theimmobilizer ECU6 obtains the SEED code SC-1f from the received SEED signal. The encryptionkey generation unit66 performs a computation with the SEED code SC-1f obtained by theSEED reading unit64 and the key generation logic F to generate an electronic key encryption key K-1. Thus, theimmobilizer ECU6 does not directly obtain the electronic key encryption key K-1 from theelectronic key2. Rather, theimmobilizer ECU6 obtains the SEED code SC-1f from theelectronic key2 and generates the electronic key encryption key K-1 from the SEED code SC-1.

The encryptionkey registration unit67 of theimmobilizer ECU6 stores the electronic key encryption key K-1 generated by the encryptionkey generation unit66 in the memory69 (step S11). In this manner, the electronic key encryption key K-1 is registered to theimmobilizer ECU6. Theimmobilizer ECU6 uses the registered electronic key encryption key K-1 to allow for immobilizer verification to be performed with theelectronic key2.

In step S12, thedatabase updating unit68 provides a database update signal via theregistration tool8 to thedata center10 to update the information of thedata center10. Theregistration tool8 that receives the database update signal updates the information of thedata center10 through thenetwork20. In step S13, thedata center10 stores the key ID code KID-1 of the additional registrationelectronic key2 in theECU database9a.

When the initial registration prohibition operation is detected (step S14), the encryptionkey registration unit67 prohibits initial registration. Thus, theimmobilizer ECU6 does not perform initial registration of theelectronic key2.

Additional registration of theelectronic key2bperformed online will now be described with reference toFIGS. 5 to 7B.

With reference toFIG. 5, a step for manufacturing the online additionalelectronic key2bthat may be registered online will now be described. The online additionalelectronic key2bis manufactured in, for example, a key manufacturing factory. Since the online additionalelectronic key2bcan be registered online, an order sheet for manufacturing the online additionalelectronic key2bdoes not have to include a vehicle ID code VID that specifies a vehicle. A key ID code KID-2, a SEED code SC-2h, and an electronic key encryption key K-2, which is generated through a computation using the SEED code SC-2h and a key generation logic h, are stored in thememory42 of the online additionalelectronic key2b. The key generation logic functions as a first generation logic.

An online additional registration step performed at an approved location such as a maintenance garage will now be described with reference toFIGS. 6,7A and7B. In the online additional registration step, theregistration tool8 and thevehicle1 are communicable with thedata center10 through thenetwork20. In the illustrated example, theregistration tool8 is connected to thevehicle1, and thevehicle1 is communicable with thedata center10 through theregistration tool8.

Referring toFIG. 6, in the online additional registration step, theimmobilizer ECU6 reads the SEED code SC-2h from the online additionalelectronic key2b. Theimmobilizer ECU6 transmits the vehicle ID code VID-A and the SEED code SC-2h of theelectronic key2bto thedata center10. Thedata center10 generates a SEED code SC-A2. Thedata center10 generates the electronic key encryption key K-2 by performing a computation using the SEED code SC-A2 and the key generation logic h. Further, thedata center10 generates a SEED code SC-2Ag by performing a computation using the generated electronic key encryption key K-2, the vehicle ID code VID-A, and the key generation logic g. Theimmobilizer ECU6 reads the generated SEED code SC-2Ag from thedata center10. Theimmobilizer ECU6 generates the electronic key encryption key K-2 by performing a computation using the vehicle ID code VID-A, the read SEED code SC-2Ag, and the key generation logic g. Theimmobilizer ECU6 stores the generated electronic key encryption key K-2 and the key ID code KID-2, which is read from theelectronic key2b, in thememory69. Simultaneously or subsequently, thedata center10 stores the key ID code KID-2 of theelectronic key2bin theECU database9a. Theimmobilizer ECU6 transmits the vehicle ID code VID-A to theelectronic key2b. The SEED code SC-2Ag corresponds to a second encryption key generation code.

In detail, as shown inFIGS. 7A and 7B, when a person performing the registration operates theoperation unit82 and sets additional registration, theregistration tool8 provides theimmobilizer ECU6 with an additional registration signal as an additional registration instruction (step S21). When receiving the additional registration signal, theimmobilizer ECU6 switches the operation mode to the additional registration mode (step S22). For example, themode switching unit60 switches to the additional registration mode that additionally registers theelectronic key2bto theimmobilizer ECU6.

Theimmobilizer ECU6 reads the key ID code KID and the SEED code SC (step S23). For example, the keyID writing unit63 transmits a key ID-SEED request signal, which requests for the key ID code KID and the SEED code, to theelectronic key2bfrom thecoil antenna5.

When receiving the key ID-SEED request signal, theelectronic key2 transmits a key ID-SEED signal including the key ID code KID and the SEED code SC (step S24). For example, thetransponder4 transmits a key ID-SEED signal including the key ID code KID-2 and the SEED code SC-2h that are stored in thememory42 from the transmission-reception antenna21 to theimmobilizer ECU6.

When receiving the key ID-SEED signal, theimmobilizer ECU6 writes the key ID code KID-2, which is included in the key ID-SEED signal, to the memory69 (step S25).

Then, theimmobilizer ECU6 transmits the vehicle ID code VID and the SEED code SC to thedata center10, and requests thedata center10 to generate the SEED code SC (step S26). For example, the SEEDgeneration request unit65 transmits a SEED generation request signal that includes the vehicle ID code VID-A and the SEED code SC-2h.

Thedata center10 generates the electronic key encryption key K in response to the SEED generation requests signal (step S27). For example, thedata center10 generates the electronic key encryption key K-2 by performing a computation using the SEED code SC-2h received from theimmobilizer ECU6 and the key generation logic h.

Then, in step S28, thedata center10 generates the SEED code SC-2Ag by performing a computation using the generated electronic key encryption key K-2, the vehicle ID code VID-A received from theimmobilizer ECU6, and the key generation logic g.

In step S29, theSEED reading unit64 of theimmobilizer ECU6 transmits a second SEED request signal, which requests for the SEED code SC, to thedata center10.

When receiving the second SEED request signal, thedata center10 transmits a SEED signal including the SEED code SC-2Ag generated in step S28 to the immobilizer ECU6 (step S30).

In step S31, theSEED reading unit64 of theimmobilizer ECU6 obtains the SEED code SC-2Ag from the SEED signal. The encryptionkey generation unit66 generates the electronic key encryption key K-2 by performing a computation using the SEED code SC-2Ag obtained by theSEED reading unit64, the vehicle ID code VID-A, and the key generation logic g. In this manner, theimmobilizer ECU6 generates the electronic key encryption key K-2 using the SEED code SC-2Ag generated by thedata center10 and obtained from thedata center10.

In step S32, the encryptionkey registration unit67 of the immobilizer ECU stores the electronic key encryption key K-2, which is generated by the encryptionkey generation unit66, in thememory69 to register the electronic key encryption key K-2 to theimmobilizer ECU6. The registered electronic key encryption key K-2 may be used for subsequent verification of theimmobilizer ECU6 and theelectronic key2b.

In step S33, the vehicleID writing unit61 of theimmobilizer ECU6 transmits a vehicle ID signal that includes the vehicle ID code VID-A from thecoil antenna5.

When theelectronic key2breceives the vehicle ID signal, in step S34, thetransponder4 stores the vehicle ID code VID-A in thememory42 of theelectronic key2b.

In step S35, thedatabase updating unit68 of theimmobilizer ECU6 provides the database update signal to thedata center10 to update the information of thedata center10. In step S36, thedata center10 stores the key ID code KID-2 of theelectronic key2bin theECU database9a.

The additional registration of theelectronic key2cunder an offline environment will now be described with reference toFIGS. 8 to 10.

Since the offline additionalelectronic key2cis performed offline, an order sheet for manufacturing the offline additionalelectronic key2bhas to include a vehicle ID code VID that specifies a vehicle. The vehicle ID code VID of thevehicle1 to which theelectronic key2cis to be registered may be obtained beforehand from the vehicle. In one example, theimmobilizer ECU6 is programmed so that when a person performing registration carries out a certain operation on thevehicle1 to request for the vehicle ID code VID, the vehicle ID code VID is shown on thedisplay15. The person performing registration may write the vehicle ID code VID, which is shown on thedisplay15, on the order sheet. In another example, theimmobilizer ECU6 is programmed to show the vehicle ID code VID on thedisplay15 upon verification of the initialelectronic key2athat is inserted into the key cylinder.

Referring toFIG. 8, the vehicle ID code VID indicated on the order sheet specifies theimmobilizer ECU6 to which theelectronic key2cis to be additionally registered. In a manufacturing step of the offline additionalelectronic key2c, thememory42 of theelectronic key2cstores the vehicle ID code VID-A, a key ID code KID-3, a SEED code SC-3Ag, and an electronic key encryption key K-3, which is generated by performing a computation with the vehicle ID code VID-A, the SEED code SC-3Ag, and the key generation logic g.

The registration of the offline additionalelectronic key2cperformed offline in a maintenance garage or the like will now be described with reference toFIGS. 9 and 10. In an offline additional registration step, theregistration tool8 that is disconnected from thenetwork20 is connected to thevehicle1. Accordingly, theimmobilizer ECU6 cannot communicate with thedatabase9.

Referring toFIG. 9, in the offline additional registration step, theimmobilizer ECU6 reads the key ID code KID-3 and the SEED code SC-3Ag from the offline additionalelectronic key2c. Theimmobilizer ECU6 generates the electronic key encryption key K-3 by performing a computation using the vehicle ID code VID-A, the obtained SEED code SC-3Ag, and the key generation logic g. Then, theimmobilizer ECU6 stores the electronic key encryption key K-3 in thememory69. Theimmobilizer ECU6 cannot access thedata center10 and thus does not reflect the electronic key encryption key K-3 on thedatabase9.

In detail, referring toFIG. 10, when the person performing the registration operates theoperation unit82 and sets additional registration, theregistration tool8 provides theimmobilizer ECU6 with an additional registration signal as an additional registration instruction (step S41). When receiving the additional registration signal, theimmobilizer ECU6 switches the operation mode to the additional registration mode (step S42). For example, themode switching unit60 switches to the additional registration mode that additionally registers anelectronic key2 to theimmobilizer ECU6.

The vehicle ID verification unit62 of theimmobilizer ECU6 transmits a vehicle ID check signal to the offline additionalelectronic key2cfrom thecoil antenna5 to check the vehicle ID code (step S43).

When the offline additionalelectronic key2creceives the vehicle ID check signal, in step S44, thetransponder4 of theelectronic key2ctransmits a vehicle ID signal including the vehicle ID code VID-A stored in thememory42 from the transmission-reception antenna21 to theimmobilizer ECU6.

When receiving the vehicle ID signal, theimmobilizer ECU6 checks whether or not the vehicle ID code in the signal conforms to the vehicle ID code of theimmobilizer ECU6. When the codes conform (step S45), in step S46, the keyID writing unit63 of theimmobilizer ECU6 transmits a key ID-SEED request signal to the offline additionalelectronic key2cfrom thecoil antenna5 to request for the key ID code KID and the SEED code SC.

When the offline additionalelectronic key2creceives the key ID-SEED request signal, in step S47, thetransponder4 transmits a key ID-SEED signal, which includes the key ID code KID-3 and the SEED code SC-3Ag that are stored in thememory42, to theimmobilizer ECU6 from the transmission-reception antenna21.

When theimmobilizer ECU6 receives the key ID-SEED signal, in step S48, theSEED reading unit64 obtains the SEED code SC-3Ag from the key ID-SEED signal. The encryptionkey generation unit66 generates the electronic key encryption key K-3 by performing a computation with the SEED code SC-3Ag obtained by theSEED reading unit64, the vehicle ID code VID-A in thememory69, and the key generation logic g. In this manner, theimmobilizer ECU6 uses the SEED code SC-3Ag obtained from the offline additionalelectronic key2cto generate the electronic key encryption key K-3.

In step S49, the encryptionkey registration unit67 of theimmobilizer ECU6 stores the electronic key encryption key K-3, which is generated by the encryptionkey generation unit66, in thememory69 to register the electronic key encryption key K-3 to theimmobilizer ECU6. The registered electronic key encryption key K-3 may be used for subsequent verification of theimmobilizer ECU6 and theelectronic key2c.

In the electronickey registration system7, regardless of whether or not theimmobilizer ECU6 is communicable with thedata center10, theelectronic key2 may be additionally registered. Further, theimmobilizer ECU6 obtains the SEED code SC from theelectronic key2, and generates electronic key encryption key K from the SEED code SC. The electronic key encryption key K is not transmitted between theelectronic key2 and theimmobilizer ECU6 for additional registration of theelectronic key2. This makes it difficult for someone to obtain the electronic key encryption key K. In the initial registration of theelectronic key2, theelectronic key2 obtains the vehicle ID code VID-A stored beforehand in theimmobilizer ECU6, theimmobilizer ECU6 obtains the SEED code SC-1f stored beforehand in theelectronic key2, and the encryption key K-1 is generated by performing a computation using the SEED code SC-1f and the key generation logic f. Prior to the initial registration, theelectronic key2 and theimmobilizer ECU6 do not store the vehicle ID code VID-A and the encryption key K-1, respectively. This eliminates the need for theelectronic key2 including the vehicle ID code and theimmobilizer ECU6 including the encryption key to be shipped out together as a set from a factory. Theelectronic key2 subsequent to initial registration stores the vehicle ID code VID-A and thus cannot be registered to anotherimmobilizer ECU6. As a result, security is improved, while facilitating registration.

The present embodiment has the advantages described below.

(1) Anonline immobilizer ECU6 returns the vehicle code VID and the SEED code SC-2h, which is read from the online additionalelectronic key2b, to thedata center10. Thedata center10 generates the electronic key encryption key K-2 by performing a computation using the SEED code SC-2h and the key generation logic h, and generates the SEED code SC-2Ag by performing a computation using the generated electronic key encryption key K-2, the vehicle ID code VID-A, and the key generation logic g. Theimmobilizer ECU6 obtains the SEED code SC-2Ag from thedata center10. Theimmobilizer ECU6 generates the electronic key encryption key K-2 by performing a computation using the vehicle ID code VID-A, the obtained SEED code SC-2Ag, and the key generation logic g. Then, theimmobilizer ECU6 stores the generated electronic key encryption key K-2. In contrast, anoffline immobilizer ECU6 that cannot communicate with thedata center10 generates the electronic key encryption key K-3 by performing a computation using the SEED code SC-3Ag stored in the offline additionalelectronic key2c, the vehicle ID code VID-A stored in theimmobilizer ECU6, and the key generation logic g. Then, theimmobilizer ECU6 stores the generated electronic key encryption key K-3. In this manner, theimmobilizer ECU6 is capable of additionally registering anelectronic key2 to theimmobilizer ECU6 online and offline. This improves security, while facilitating registration.

(2) In the initial manufacturing step, theimmobilizer ECU6 stores the vehicle ID code VID-A but not the electronic key encryption key K-1. Further, the initialelectronic key2astores the electronic key encryption key K-1 but not the vehicle ID code VID-A. During initial manufacturing, the information stored in theelectronic key2 is not paired with the information stored in theimmobilizer ECU6. Thus, there is no need to ship theelectronic key2 and theimmobilizer ECU6 together out of the factory. In the initial registration step, theimmobilizer ECU6 obtains the SEED code SC-1f from the initialelectronic key2a, generates the electronic key encryption key K-1 through a computation using the SEED code SC-1f and the key generation logic f, and stores the electronic key encryption key K-1. Thus, theelectronic key2 corresponds to only theimmobilizer ECU6 to which the electronic key encryption key K is registered and does not correspond to theimmobilizer ECU6 of another vehicle. This allows for elimination of the registration of the initialelectronic key2ato theimmobilizer ECU6 of another vehicle and thereby improves security, while facilitating registration.

(3) Theelectronic key2 stores the vehicle ID code VID. Theimmobilizer ECU6 may determine whether or not the initialelectronic key2 corresponds to theimmobilizer ECU6 based on whether or not the vehicle ID code VID of theimmobilizer ECU6 conforms to the vehicle ID code VID of theelectronic key2.

(4) The key ID code KID of the additionalelectronic key2band or2cis stored in theimmobilizer ECU6. Theimmobilizer ECU6 may determine whether or not the additionalelectronic key2band/or2bcorresponds to theimmobilizer ECU6 based on whether or not the key ID code VID stored in theimmobilizer ECU6 conforms to the key ID code KID of theelectronic key2.

It should be apparent to those skilled in the art that the present invention may be embodied in many other specific forms without departing from the spirit or scope of the invention. Particularly, it should be understood that the present invention may be embodied in the following forms.

Theimmobilizer ECU6 that registers theelectronic key2 in an offline environment may be replaced by anew immobilizer ECU6 under an online environment. Theimmobilizer ECU6 that registers theelectronic key2 in an online environment may be replaced by anew immobilizer ECU6 under an offline environment.

In the additional electronic key manufacturing step, the key ID code KID of the additionalelectronic key2band/or2cdoes not have to be stored in theimmobilizer ECU6.

In the initial registration step, the vehicle ID code VID does not have to be stored in the initialelectronic key2a.

The key generation logic f serving as a third logic and used in the initial registration step may be the same as the key generation logic h serving as a first logic and used in the additional electronic key manufacturing step and the additional registration step.

Before executing the additional registration, the additional registration step may include verifying the person performing the registration. For example, the person performing the registration may have an ID code and a password used for verification by thedata center10.

The user of the vehicle may be the person performing registration or a different person.

The registration tool may be a dedicated registration tool or a device formed by a versatile computer such as a personal computer or smartphone incorporating software used for registration.

In the initial registration step, the SEED code may be deleted from thememory42 of theelectronic key2 after initial registration.

The encryption key may be registered after challenge-response verification is performed in the initial registration step and the additional registration step.

Instead of showing the vehicle ID code VID to the user or the person performing registration on thedisplay15 of thevehicle1, a mail be set to a mail address designated by the user or the person performing registration. This allows for only the user or the person performing registration who receives the mail to check the vehicle ID code VID.

The initial registration prohibition operation may be an operation other that performed with theignition switch14.

In the above embodiment, the present invention is applied to theimmobilizer system3 of a type that inserts theelectronic key2 into the key cylinder. However, the present invention may be applied to an electronic key system of a type that becomes communicable when theelectronic key2 enters a communication area formed by thevehicle1.

In the above embodiment, the present invention is applied to an electronic key system of thevehicle1. Instead, the present invention may be applied to an electronic key system for a building such as a house.

The present examples and embodiments are to be considered as illustrative and not restrictive, and the invention is not to be limited to the details given herein, but may be modified within the scope and equivalence of the appended claims.

Claims (7)

The invention claimed is:

1. An electronic key registration system that registers an electronic key device to a vehicle, the electronic key registration system comprising:

a controller arranged in the vehicle and capable of accessing a data center through at least a network;

an initial electronic key device, a first additional electronic key device, and a second additional electronic key device, each storing a unique key ID code and a unique encryption key, wherein each encryption key is used for encrypted communication between the corresponding electronic key device and the vehicle to perform verification; and

a computer-readable medium having instructions stored thereon that include:

a first set of instructions configured to store a vehicle ID code in the controller when manufacturing the controller;

a second set of instructions configured to

generate, with the first additional electronic key device, the encryption key of the first additional electronic key device by performing a computation using a first encryption key generation code stored in the first additional electronic key device and a first logic, and

store the generated encryption key in the first additional electronic key device to manufacture the first additional electronic key device;

a third set of instructions configured to

transmit, with the controller to the data center online, the vehicle ID code and the first encryption key generation code that is stored in the first additional electronic key device,

generate, with the data center, the electronic key device encryption key of the first additional electronic key device by performing a computation using the received first encryption key generation code and the first logic,

generate, with the data center, a second encryption key generation code by performing a computation using the generated electronic key device encryption key, the vehicle ID code, and the second logic,

obtain, with the controller online, the second encryption key generation code from the data center,

generate, with the controller, the encryption key of the first additional electronic key device by performing a computation using the vehicle ID code, the obtained second encryption key generation code, and the second logic, and

store, in the controller, the generated electronic key device encryption key to register the first additional electronic key device;

a fourth set of instructions configured to

store, in the second additional electronic key device, the vehicle ID code corresponding to information indicated on an order sheet, a third encryption key generation code used to generate the encryption key of the second additional electronic key device, the encryption key of the second additional electronic key device generated by performing a computation using the vehicle ID code, the third encryption key generation code, and a second logic to manufacture the second additional electronic key device; and

a fifth set of instructions configured to

read, with the controller, the third encryption key generation code from the second additional electronic key device,

generate, with the controller that is disconnected from the data center, the encryption key of the second additional electronic key device by performing a computation using the third encryption key generation code, the communication ID code stored in the controller, and the second logic, and

store, in the controller that is disconnected from the data center, the encryption key of the second additional electronic key device.

2. The electronic key registration system according toclaim 1, wherein the instructions of the computer-readable medium further include:

instructions configured to

store, in the initial electronic key device, an initial encryption key generation code and the encryption key of the initial electronic key device that is generated by performing a computation using the initial encryption key generation code and a third logic to manufacture the initial electronic key device; and

instructions configured to

obtain, with the controller, the initial encryption key generation code from the initial electronic key device,

generate, with the controller, the encryption key of the initial electronic key device by performing a computation using the initial encryption key generation code and the third logic, and

store, in the controller, the generated encryption key to register the initial electronic key device.

3. The electronic key registration system according toclaim 2, wherein the instruction configured to register the initial electronic key device includes writing, to the initial electronic key device, the vehicle ID code stored in the controller.

4. The electronic key registration system according toclaim 1, wherein

the second set of instructions include an instruction configured to store the key ID code in the first additional electronic key device,

the third set of instructions include an instruction configured to store the key ID code of the first additional electronic key device in the controller,

the fourth set of instructions include an instruction configured to store the key ID code in the second additional electronic key device, and

the fifth set of instructions includes an instruction configured to store the key ID code of the second additional electronic key device in the controller.

5. The electronic key registration system according toclaim 2, wherein

the instruction configured to manufacture the initial electronic key device includes storing the key ID code in the initial electronic key device, and

the instruction configured to register the initial electronic key device includes storing the key ID code of the initial electronic key device in the controller.

6. The electronic key registration system according toclaim 2, wherein the third logic is the same as the first logic.

7. An electronic key registration system, comprising:

a registration tool that outputs a registration signal for requesting for registering an electronic key device to a vehicle;

a controller arranged in the vehicle and capable of accessing a data center through at least a network, the controller storing a vehicle ID code; and

an electronic key device storing an encryption key, wherein the electronic key device is configured to use the encryption key when performing a wireless verification communication with the controller of the vehicle,

wherein the registration tool, the controller, the electronic key device, and the data center include one or more computer-readable media having instructions stored thereon,

wherein the controller is configured to receive the registration signal from the registration tool and to determine whether the received registration signal is an initial registration signal or an additional registration signal,

wherein when the registration signal is an initial registration signal, the controller and the electronic key device are programmed to

obtain, with the controller, an initial encryption key generation code from the electronic key device,

generate, with the controller, the encryption key of the electronic key device by performing a computation using the initial encryption key generation code and a third logic, and

store, in the controller, the generated encryption key of the electronic key device to register the electronic key device,

wherein when the registration signal is an additional registration signal and the controller is able to communicate with the data center through at least the network, the controller and the data center are programmed to

transmit, with the controller to the data center online, the vehicle ID code and a first encryption key generation code that is stored in the electronic key device,

generate, with the data center, the encryption key of the electronic key device by performing a computation using the received first encryption key generation code and a first logic,

generate, with the data center, a second encryption key generation code by performing a computation using the generated encryption key of the electronic key device, the vehicle ID code, and a second logic,

obtain, with the controller online, the second encryption key generation code from the data center,

generate, with the controller, the encryption key of the electronic key device by performing a computation using the vehicle ID code, the obtained second encryption key generation code, and the second logic, and

store, in the controller, the generated encryption key of the electronic key device to register the electronic key device,

wherein when the registration signal is an additional registration signal and the controller is not able to communicate with the data center through at least the network, the controller is programmed to

read, with the controller, a third encryption key generation code from the electronic key device,

generate, with the controller that is disconnected from the data center, the encryption key of the electronic key device by performing a computation using the third encryption key generation code, the communication ID code stored in the controller, and the second logic, and

store, in the controller that is disconnected from the data center, the encryption key of the electronic key device to register the electronic key device.

Images